terraform-provider-aws: `aws_acm_certificate_validation` wrongly reporting invalid `certificate_arn` on v4.12.0
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform CLI and Terraform AWS Provider Version
1.1.8, and the just-released v4.12.0
Affected Resource(s)
aws_acm_certificate_validation
Terraform Configuration Files
```hcl
resource "aws_route53_zone" "test" {
  name = "some-zone."
}

resource "aws_acm_certificate" "test" {
  domain_name       = "*.some-zone"
  validation_method = "DNS"
}

resource "aws_route53_record" "test-a-record" {
  zone_id = aws_route53_zone.test.zone_id
  name    = aws_route53_zone.test.name
  type    = "A"

  alias {
    # some_target_hostname and lb_zone are placeholders from the report,
    # standing in for the load balancer's DNS name and hosted zone ID.
    name                   = some_target_hostname
    zone_id                = lb_zone
    evaluate_target_health = true
  }

  lifecycle {
    ignore_changes = [records, ttl]
  }
}

# One DNS validation record per domain validation option on the certificate.
resource "aws_route53_record" "test" {
  for_each = {
    for dvo in aws_acm_certificate.test.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 60
  type            = each.value.type
  zone_id         = aws_route53_zone.test.zone_id
}

resource "aws_acm_certificate_validation" "test" {
  certificate_arn         = aws_acm_certificate.test.arn
  validation_record_fqdns = [for record in aws_route53_record.test : record.fqdn]
}
```
Expected Behavior
Terraform plan should have found no changes on my aws_acm_certificate_validation resource in this case.
Actual Behavior
```
Error: reading ACM Certificate (2022-04-25 20:00:08.983 +0000 UTC):
ValidationException: 1 validation error detected: Value '2022-04-25 20:00:08.983 +0000 UTC' at 'certificateArn' failed to satisfy constraint:
Member must satisfy regular expression pattern: arn:[\w+=/,.@-]+:acm:[\w+=/,.@-]*:[0-9]+:[\w+=,.@-]+(/[\w+=,.@-]+)*
```
(it errors out reading the aws_acm_certificate_validation's certificate_arn)
Steps to Reproduce
terraform plan with an existing, unchanged aws_acm_certificate_validation in state, after upgrading to v4.12.0
This did NOT occur on any previous releases (I hadn't version locked my providers yet for this new setup, and it just started.)
Locking my version to v4.11.0 resolved the issue, plan worked as expected.
About this issue
- State: closed
- Created 2 years ago
- Reactions: 96
- Comments: 27 (9 by maintainers)
We are planning on releasing a `v4.12.1` patch with this (and maybe one other) bug fix later today.
Can confirm that I am also facing the same issue on `v4.12.0`. I wasn't locking the provider version earlier, but now have locked to `v4.11.0` and that has fixed the issue.
Fix confirmed! Just tried the same resources on `4.12.1`, everything worked. Thanks for the quick fix y'all!
The same here
+1
+1
Deleted
+1
For the time being, just add the following to your terraform provider block.
That will pin the aws provider to the previous version.
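The snippet this comment refers to did not survive on the page. As an added example (not the commenter's or the project's own code), a pin of the kind described, using the versions named in this thread; the `hashicorp/aws` source address is taken from the registry URL linked in the thread:

```hcl
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"

      # Before (the situation the reporter describes): no version constraint,
      # so a fresh `terraform init` resolved the newest release, v4.12.0.

      # Exact pin to the last release reported working in this issue.
      version = "4.11.0"

      # Alternative once the v4.12.1 patch is available: stay on 4.x and
      # exclude only the broken release.
      # version = "~> 4.11, != 4.12.0"
    }
  }
}
```

Run `terraform init -upgrade` after changing the constraint so the selection recorded in `.terraform.lock.hcl` is rewritten, and commit that lock file so CI and other workstations resolve the same provider build.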
4.12.0 introduced the issue. I would never expect for the fix to be released to the same tag.
Same issue… waiting for a faster-than-light fix
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate_validation
https://github.com/hashicorp/terraform-provider-aws/compare/v4.11.0...v4.12.0#diff-da27748319004d756e8526be1691fbfad4b2e7a5c2ffccf691e6447ea945a42dR98-R107
This is the problem.